[people/pmueller/ipfire-2.x.git] / src / patches / suse-2.6.27.31 / patches.arch / s390-03-08-zfcp-abort-race.patch

From: Gerald Schaefer <geraldsc@de.ibm.com>
Subject: zfcp: eliminate race between validation and locking.
References: bnc#440610

Symptom:     machine stalls
Problem:     ptr is verified before processing is secured by lock.
Solution:    assign, verify ptr after secured by lock

Acked-by: John Jolly <jjolly@suse.de>
---
 drivers/s390/scsi/zfcp_fsf.c |   14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

Index: linux-sles11/drivers/s390/scsi/zfcp_fsf.c
===================================================================
--- linux-sles11.orig/drivers/s390/scsi/zfcp_fsf.c
+++ linux-sles11/drivers/s390/scsi/zfcp_fsf.c
@@ -2115,18 +2115,21 @@ static inline void zfcp_fsf_trace_latenc
 
 static void zfcp_fsf_send_fcp_command_task_handler(struct zfcp_fsf_req *req)
 {
-	struct scsi_cmnd *scpnt = req->data;
+	struct scsi_cmnd *scpnt;
 	struct fcp_rsp_iu *fcp_rsp_iu = (struct fcp_rsp_iu *)
 	    &(req->qtcb->bottom.io.fcp_rsp);
 	u32 sns_len;
 	char *fcp_rsp_info = (unsigned char *) &fcp_rsp_iu[1];
 	unsigned long flags;
 
-	if (unlikely(!scpnt))
-		return;
-
 	read_lock_irqsave(&req->adapter->abort_lock, flags);
 
+	scpnt = req->data;
+	if (unlikely(!scpnt)) {
+		read_unlock_irqrestore(&req->adapter->abort_lock, flags);
+		return;
+	}
+
 	if (unlikely(req->status & ZFCP_STATUS_FSFREQ_ABORTED)) {
 		set_host_byte(scpnt, DID_SOFT_ERROR);
 		set_driver_byte(scpnt, SUGGEST_RETRY);
@@ -2181,7 +2184,8 @@ skip_fsfstatus:
 		zfcp_scsi_dbf_event_result("norm", 6, req->adapter, scpnt, req);
 
 	scpnt->host_scribble = NULL;
-	(scpnt->scsi_done) (scpnt);
+	if (scpnt->scsi_done)
+		(scpnt->scsi_done) (scpnt);
 	/*
 	 * We must hold this lock until scsi_done has been called.
 	 * Otherwise we may call scsi_done after abort regarding this
Commit	Line	Data
00e5a55c BS	1	From: Gerald Schaefer <geraldsc@de.ibm.com>
	2	Subject: zfcp: eliminate race between validation and locking.
	3	References: bnc#440610
	4
	5	Symptom: machine stalls
	6	Problem: ptr is verified before processing is secured by lock.
	7	Solution: assign, verify ptr after secured by lock
	8
	9	Acked-by: John Jolly <jjolly@suse.de>
	10	---
	11	drivers/s390/scsi/zfcp_fsf.c \| 14 +++++++++-----
	12	1 file changed, 9 insertions(+), 5 deletions(-)
	13
	14	Index: linux-sles11/drivers/s390/scsi/zfcp_fsf.c
	15	===================================================================
	16	--- linux-sles11.orig/drivers/s390/scsi/zfcp_fsf.c
	17	+++ linux-sles11/drivers/s390/scsi/zfcp_fsf.c
	18	@@ -2115,18 +2115,21 @@ static inline void zfcp_fsf_trace_latenc
	19
	20	static void zfcp_fsf_send_fcp_command_task_handler(struct zfcp_fsf_req *req)
	21	{
	22	- struct scsi_cmnd *scpnt = req->data;
	23	+ struct scsi_cmnd *scpnt;
	24	struct fcp_rsp_iu fcp_rsp_iu = (struct fcp_rsp_iu )
	25	&(req->qtcb->bottom.io.fcp_rsp);
	26	u32 sns_len;
	27	char fcp_rsp_info = (unsigned char ) &fcp_rsp_iu[1];
	28	unsigned long flags;
	29
	30	- if (unlikely(!scpnt))
	31	- return;
	32	-
	33	read_lock_irqsave(&req->adapter->abort_lock, flags);
	34
	35	+ scpnt = req->data;
	36	+ if (unlikely(!scpnt)) {
	37	+ read_unlock_irqrestore(&req->adapter->abort_lock, flags);
	38	+ return;
	39	+ }
	40	+
	41	if (unlikely(req->status & ZFCP_STATUS_FSFREQ_ABORTED)) {
	42	set_host_byte(scpnt, DID_SOFT_ERROR);
	43	set_driver_byte(scpnt, SUGGEST_RETRY);
	44	@@ -2181,7 +2184,8 @@ skip_fsfstatus:
	45	zfcp_scsi_dbf_event_result("norm", 6, req->adapter, scpnt, req);
	46
	47	scpnt->host_scribble = NULL;
	48	- (scpnt->scsi_done) (scpnt);
	49	+ if (scpnt->scsi_done)
	50	+ (scpnt->scsi_done) (scpnt);
	51	/*
	52	* We must hold this lock until scsi_done has been called.
	53	* Otherwise we may call scsi_done after abort regarding this